Aggregator

一、境外厂商产品漏洞1、Adobe InDesign越界读取漏洞Adobe InDesign是美国奥多比（Adobe）公司的一套排版编辑应用程序。Adobe InDesign存在越界读取漏洞，攻击者可

2025年01月20日-2025年01月26日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞304个，其中高危漏洞1

新闻速览 2024年全国检察机关共起诉各类侵害企业数据安全犯罪近千人 民政部、全国妇联等18部门印发《困境儿童 […]

A vulnerability was found in IBM Security Directory Integrator and Security Verify Directory Integrator 7.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to exposure of information through directory listing. This vulnerability is handled as CVE-2024-28766. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Новая серия смартфонов разделит правду и вымысел в цифровом мире.

A vulnerability was found in Norz zawhttpd 0.8.23. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2006-2222. The attack may be initiated remotely. Furthermore, there is an exploit available.

Борис Чернышов предлагает новый подход к цифровому суверенитету

在这一波 AI 热中，谁最有可能在日常生活中欣然接受 AI？根据发表在《Journal of Marketing》期刊上的一项研究，不是熟悉 AI 工作原理的人，而是对 AI 了解越少的人越愿意使用 AI。研究人员将普及倾向差异称之为“识字率越低——接受度越高”关联。这种关联不仅仅发生在不同群体中，也发生在不同国家中。研究人员发现，在 27 个国家中，AI 素养越低的国家越愿意普及 AI；在美国大学本科生中，对 AI 了解越少的学生越可能表示在作业中使用 AI。熟悉 AI 工作原理的人知道算法、训练数据和计算模型如何运作，AI 对他们并不神秘。不熟悉 AI 的人则被其表现震撼了，感到不可思议，这种感受促使他们更可能使用 AI 工具。

A vulnerability, which was classified as problematic, has been found in Altra Side Menu Plugin up to 2.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-12774. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Social Share Buttons Plugin up to 2.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-13117. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WP Triggers Lite Plugin up to 2.5.3 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13095. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in IBM Security Directory Integrator and Security Verify Directory Integrator 7.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to exposure of information through directory listing. This vulnerability is handled as CVE-2024-28766. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in php-fusion 9.03.50. This affects an unknown part of the file downloads/downloads.php. The manipulation as part of Request leads to improper privilege management. This vulnerability is uniquely identified as CVE-2020-24949. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader

A lot of companies sending emails daily discover that their clients also receive fraudulent mes

Learn how DMARC email security can protect your brand, improve deliverability, and prevent phishing attacks. Get expert advice and best practices.

The post DMARC Email Security: A Guide to Protecting Your Domain  appeared first on Security Boulevard.

Threat actors demonstrated a methodical approach in a recent cyberattack, taking 11 days from initial compromise to fully deploy LockBit ransomware across a victim’s network. The incident, detailed in a report by The DFIR Report, showcases the evolving tactics of ransomware operators and the critical need for robust cybersecurity measures. The attack began in late […]

The post Hackers Tool 11 Days To Deploy LockBit Ransomware From Initial Compromise appeared first on Cyber Security News.